Solutions
Solutions
All in one solution
Overview
Managed XDR
Keep my IT safe 24/7
24/7 Incident Response
Restore business operations
Security Awareness
Improve security culture
Cyber Insurance
Ensure business continuity
Integrations
Technology partners
Industry
All sectors
Logistics
Manufacturing
Professional services
Healthcare
Partners
Partner Network
For Brokers & Risk Advisors
Lower your clients' cyber risk.
For Managed Service Providers (MSP)
Expand your offer with cybersecurity.
Case studies
Customer protection
Jan de Rijk
Logistics
Avi Medical
Healthcare
KeyTec Netherlands
Manufacturing
Van der Most Transport
Logistics
SHG Groep
Healthcare
Zimmer Group
Manufacturing
KlaassenGroep
Construction
GOED Belgium
Healthcare
Plans
Resources
Resources
Blog
News from the front lines
Resource Library
Guides and brochures
Knowledge Base
Customer login
Free Anti-spoofing Tool
Sign up to get started
NIS2 Resource Hub
The latest news around NIS2
Eye Research
Tech blog and real-world incidents
Trend Report 2026
Insights from 630 cyber investigations
Glossary of Terms
An overview of cybersecurity terms
Learning Hub
Understand the building blocks
Webinars & Events
All digital & live events at a glance
Company
About
News
Careers
Contact
Press
Talk to us
Take a tour
Solutions
Back
Solutions
All in one solution
Managed XDR
24/7 Incident Response
Security Awareness
Cyber Insurance
Integrations
Industry
All sectors
Logistics
Manufacturing
Professional services
Healthcare
Partners
Back
Partner Network
For Brokers & Risk Advisors
For Managed Service Providers (MSP)
Case studies
Back
Customer protection
Jan de Rijk
Avi Medical
KeyTec Netherlands
Van der Most Transport
SHG Groep
Zimmer Group
KlaassenGroep
GOED Belgium
Plans
Resources
Back
Resources
Blog
Resource Library
Knowledge Base
Free Anti-spoofing Tool
NIS2 Resource Hub
Eye Research
Trend Report 2026
Glossary of Terms
Learning Hub
Webinars & Events
Company
About
News
Careers
Contact
Press
Book a demo
Incident Hotline

Identity security in focus 2026.

This year, threat actors abuse legitimate credentials, trusted sessions, and familiar workflows. See what advances in GenAI and email compromise tell us about how, when, and why attacks happen in the year of silent intrusion. 

 
Copy of USE Webinar Templates 11 Light Blue Q4 2025
“BEC thrives not on technical complexity but on credibility and timing. The data reinforces that defending against such incidents calls for email authentication controls, continuous user awareness, and vigilant financial process validation to counter manipulation at its core.” 
Lodi Hensen.
VP Security Alliances
Lodi Hensen headshot
“BEC thrives not on technical complexity but on credibility and timing. The data reinforces that defending against such incidents calls for email authentication controls, continuous user awareness, and vigilant financial process validation to counter manipulation at its core.” 
Lodi Hensen.
VP Security Alliances
Lodi Hensen headshot

European cybercrime is shifting toward identities and trust.

81%

of all cases were Business Email Compromise (BEC)

79%

of BEC cases in 2025 involved MFA bypass

63%

of BEC cases originated from phishing via link

The findings at a glance

Eye Security’s The State of BEC 2026 is based on 343 incidents investigated between January 1 and December 31, 2025, across midmarket organisations in the Benelux and Germany, representing 2,064 hours of incident response effort. Business Email Compromise (BEC) accounted for 81% of all cases, making it the dominant form of cyber intrusion observed.

Geographically, activity was concentrated in the Netherlands (66%), reflecting the dominant customer base, followed by Belgium (21%) and Germany (11%). Across all regions in the dataset, BEC consistently emerged as the primary incident type where MDR was present, indicating that visibility drives observed incidence rates.

The data reveals a structural gap between organisations with and without continuous monitoring. In MDR-enabled environments, median dwell time for BEC was 19 minutes. In contrast, in non-monitored environments, threat actors remained undetected for a median of 18 days. This disparity extends to response timelines, directly affecting the ability to contain financial and operational impact.


BEC is overwhelmingly an identity-driven threat. Over 99% of incidents occurred in Microsoft 365 environments, reflecting the prevalence of Microsoft 365 within the analysed environments. Multi-factor authentication (MFA) was bypassed in 79% of cases, most commonly through session hijacking techniques such as adversary-in-the-middle. Phishing via link remains the dominant entry vector, increasingly reinforced by generative AI. 

Identity has become the primary attack surface, and detection speed is the defining variable in limiting impact. Preventive controls alone are insufficient. Effective defence depends on continuous visibility across environments, rapid investigation, and the ability to respond within minutes. 

Get behind the scenes of a real BEC case.

BEC webinar banner
IDENTITY ATTACKS IN FOCUS

Multi-actor Intrusion in Business Email Compromise

What happens when not one, but two threat actors gain access to the same environment without triggering a single alert? This is a step-by-step reconstruction of how modern BEC attacks unfold in Microsoft 365, from initial access to internal phishing, data exposure, and persistence.

Watch the webinar
BEC webinar banner
IDENTITY ATTACKS IN FOCUS

Multi-actor Intrusion in Business Email Compromise

What happens when not one, but two threat actors gain access to the same environment without triggering a single alert? This is a step-by-step reconstruction of how modern BEC attacks unfold in Microsoft 365, from initial access to internal phishing, data exposure, and persistence.

Watch the webinar

850+ European companies trust Eye Security with everything they’ve built.

It feels great to know that someone is looking over your shoulder 24/7. Now I can sleep with two eyes closed.
Marco ter Haar, IT Manager.
A pen test alone to identify all the threats would have cost us as much as our annual cost for Eye’s all round service.
Thorsten Spieker, Director of Engineering.
It is very pleasant to work with a supplier who speaks our business’ language and also works together with our IT supplier.
Gertjan Van der Most, CEO.
The pricing of the service is very transparent and fair.
Fred Westdijk, CEO.
The right people in the right place with the right expertise. Short lines of communication and an immediate solution to your IT security questions and issues.
Hans Raaijmakers, Owner.
I can really talk to them and they think constructively. They don’t just come in with a commercial product.
Peter Onland, Former IT Manager.

Enterprise-grade, made for the mid-market

This is tailored cybersecurity that meets the scale and complexity of mid-market organisations without the overhead of enterprise-only tools. Simple and to the point. AI-driven detection and expert-led response prevent downtime, protect revenue, and safeguard operations while helping you prepare for the unexpected. 

Protect business continuity

  • Best-of-breed EDR and ITDR
  • 24/7 in-house SOC
  • 24/7 incident response

Build future readiness

  • Annual cyber reviews 
  • Attack surface deep dives
  • Proactive vulnerability and threat hunting

Simplify cybersecurity

  • All-in-one, all-you-need package
  • Onboarding within hours 
  • Built for your scale and risk profile

Accelerate compliance

  • Streamlined audits and regulatory alignment
  • Competitive cyber insurance premiums
  • Frictionless insurance qualification and renewals
Get in touch

Discover why companies choose Eye Security.

Protect yourself against digital threats with Europe's leading Open XDR solution. Try a demo to see how Eye Security compares to your existing solution.

  • Protect your business 24/7
  • Prevent ransomware & data breaches
  • Respond to attacks within minutes
  • Mitigate financial losses with cyber insurance, advised by brokers

 

Trusted by European companies:

Talk to an expert.